<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第37期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第37期）</strong></h5>
<blockquote> 2014/11/10-2014/11/16</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Iranian contractor named as Stuxnet &#039;patient zero<br><a target="_blank" href="http://www.theregister.co.uk/2014/11/12/stuxnet_patient_zero/">http://www.theregister.co.uk/2014/11/12/stuxnet_patient_zero/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>京东安全应急响应中心第二届安全沙龙15日开讲<br><a target="_blank" href="http://bobao.360.cn/activity/detail/53.html">http://bobao.360.cn/activity/detail/53.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>黑暗旅馆APT剑指全球高管<br><a target="_blank" href="http://www.secpulse.com/archives/2099.html">http://www.secpulse.com/archives/2099.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>能存活19年的bug不是bug<br><a target="_blank" href="http://www.vaikan.com/a-19-years-old-bug/">http://www.vaikan.com/a-19-years-old-bug/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>The Future of Incident Response<br><a target="_blank" href="https://www.schneier.com/blog/archives/2014/11/the_future_of_i.html">https://www.schneier.com/blog/archives/2014/11/the_future_of_i.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Sophisticated Targeted Attack Via Hotel Networks<br><a target="_blank" href="https://www.schneier.com/blog/archives/2014/11/sophisticated_t.html">https://www.schneier.com/blog/archives/2014/11/sophisticated_t.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Chinese Routing Errors Redirect Russian Traffic<br><a target="_blank" href="http://research.dyn.com/2014/11/chinese-routing-errors-redirect-russian-traffic/">http://research.dyn.com/2014/11/chinese-routing-errors-redirect-russian-traffic/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>SANS：2014年安全分析与安全智能调研报告<br><a target="_blank" href="http://yepeng.blog.51cto.com/3101105/1577208">http://yepeng.blog.51cto.com/3101105/1577208</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>互联网灰色产业链一角:流氓软件也挺”拼”的 <br><a target="_blank" href="http://blog.vulnhunt.com/index.php/2014/11/14/network_rogue_software/">http://blog.vulnhunt.com/index.php/2014/11/14/network_rogue_software/</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>IP.Board&lt;=3.4.7 SQL注入漏洞（0day）POC<br><a target="_blank" href="http://www.freebuf.com/vuls/50847.html">http://www.freebuf.com/vuls/50847.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>HCTF2014 Writeup(通关攻略) 完美版<br><a target="_blank" href="http://bobao.360.cn/news/detail/796.html">http://bobao.360.cn/news/detail/796.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>hctf writeup<br><a target="_blank" href="http://anhkgg.gitcafe.com/hctf-writeup/">http://anhkgg.gitcafe.com/hctf-writeup/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Linux 服务安全器配置的20条建议<br><a target="_blank" href="http://www.cyberciti.biz/tips/linux-security.html">http://www.cyberciti.biz/tips/linux-security.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>WAF防御能力评测及工具<br><a target="_blank" href="http://danqingdani.blog.163.com/blog/static/1860941952014101462723470/">http://danqingdani.blog.163.com/blog/static/1860941952014101462723470/</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>CUIT 2014 Writeup<br><a target="_blank" href="http://www.91ri.org/9482.html">http://www.91ri.org/9482.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>ICMP Reverse Shell<br><a target="_blank" href="http://resources.infosecinstitute.com/icmp-reverse-shell/?utm_source=tuicool">http://resources.infosecinstitute.com/icmp-reverse-shell/?utm_source=tuicool</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>未知攻焉知防——XXE漏洞攻防<br><a target="_blank" href="http://www.secpulse.com/archives/850.html">http://www.secpulse.com/archives/850.html</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>Hack.lu 2014 Writeup<br><a target="_blank" href="http://drops.wooyun.org/tips/3420">http://drops.wooyun.org/tips/3420</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>金融攻击事件分析:Tyupkin样本技术分析及攻击过程还原<br><a target="_blank" href="http://blog.vulnhunt.com/index.php/2014/11/11/tyupkin_analysi/">http://blog.vulnhunt.com/index.php/2014/11/11/tyupkin_analysi/</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>uctf-杂项题目分析<br><a target="_blank" href="http://drops.wooyun.org/tips/3349">http://drops.wooyun.org/tips/3349</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>CVE-2014-1767 Afd.sys double-free vulnerability Analysis and Exploit<br><a target="_blank" href="http://www.secniu.com/cve-2014-1767-afd-sys-double-free-vulnerability-analysis-and-exploit/">http://www.secniu.com/cve-2014-1767-afd-sys-double-free-vulnerability-analysis-and-exploit/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android伪关机<br><a target="_blank" href="http://bbs.pediy.com/showthread.php?t=194369">http://bbs.pediy.com/showthread.php?t=194369</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>利用ROP绕过DEP<br><a target="_blank" href="http://www.05112.com/anquan/gjbc/hkbc/2014/1105/16034.html">http://www.05112.com/anquan/gjbc/hkbc/2014/1105/16034.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>用命令行录制屏幕操作视频<br><a target="_blank" href="http://www.weibo.com/p/1001603776108683261811">http://www.weibo.com/p/1001603776108683261811</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Playing with MS14-060 and MS14-058 [CVE-2014-4113 CVE-2014-4114] <br><a target="_blank" href="http://labs.jumpsec.com/2014/11/10/playing-ms14-060-ms14-058-cve-2014-4113-cve-2014-4114-attacks-defenses/">http://labs.jumpsec.com/2014/11/10/playing-ms14-060-ms14-058-cve-2014-4113-cve-2014-4114-attacks-defenses/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>配置ModSecurity防火墙与OWASP规则<br><a target="_blank" href="http://4shell.org/archives/85.html">http://4shell.org/archives/85.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>《安全参考》HACKCTO-201411-23<br><a target="_blank" href="http://www.hackcto.com/post/2014-11-15/40064401666">http://www.hackcto.com/post/2014-11-15/40064401666</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>用SDR分析未知HF信号:HDSDR+USRP+GNU Radio+RFMap<br><a target="_blank" href="http://www.bilibili.com/video/av795582/index.html">http://www.bilibili.com/video/av795582/index.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>北京联合大学内网渗透小记 <br><a target="_blank" href="http://www.wooyun.org/bugs/wooyun-2014-077615">http://www.wooyun.org/bugs/wooyun-2014-077615</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>西门子S7-1200 PLC识别指南与工具脚本<br><a target="_blank" href="http://plcscan.org/blog/2014/11/s7-plc-discovery-tools-releases/">http://plcscan.org/blog/2014/11/s7-plc-discovery-tools-releases/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>安全科普：让高大上的Bash破壳漏洞不再难理解（下）<br><a target="_blank" href="http://www.freebuf.com/articles/system/50707.html">http://www.freebuf.com/articles/system/50707.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>AndroidManifest二进制文件010 Editor模板<br><a target="_blank" href="http://bbs.pediy.com/showthread.php?p=1329824#post1329824">http://bbs.pediy.com/showthread.php?p=1329824#post1329824</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>Spark：Open source IoT toolkit<br><a target="_blank" href="https://www.spark.io/">https://www.spark.io/</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>Fedora Security Lab Test bench’s documentation<br><a target="_blank" href="https://fedora-security-lab-test-bench.readthedocs.org/en/latest/#">https://fedora-security-lab-test-bench.readthedocs.org/en/latest/#</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>OnionDuke: APT Attacks Via the Tor Network<br><a target="_blank" href="http://www.f-secure.com/weblog/archives/00002764.html">http://www.f-secure.com/weblog/archives/00002764.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>XKungfoo2014安全会议全程纪实<br><a target="_blank" href="http://www.freebuf.com/fevents/32658.html">http://www.freebuf.com/fevents/32658.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>绕过百度杀毒溢出保护的一些方法<br><a target="_blank" href="http://blog.jowto.com/?p=55">http://blog.jowto.com/?p=55</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>版本管理工具介绍—Git篇<br><a target="_blank" href="http://www.imooc.com/learn/208">http://www.imooc.com/learn/208</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>AndroidManifest Ambiguity方案原理及代码<br><a target="_blank" href="http://bbs.pediy.com/showthread.php?p=1329490#post1329490">http://bbs.pediy.com/showthread.php?p=1329490#post1329490</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>clickjacking漏洞的挖掘与利用<br><a target="_blank" href="http://drops.wooyun.org/web/3801">http://drops.wooyun.org/web/3801</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Critical Vulnerability and &#039;Godmode&#039; Exploitation on CVE-2014-6332<br><a target="_blank" href="http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/">http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>Extending the ELF Core Format for Forensics Snapshots<br><a target="_blank" href="http://www.leviathansecurity.com/wp-content/uploads/2014_11_Ryan_Oneill_Extended-Core-Format-Snapshots.pdf">http://www.leviathansecurity.com/wp-content/uploads/2014_11_Ryan_Oneill_Extended-Core-Format-Snapshots.pdf</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>scada-tools<br><a target="_blank" href="https://github.com/atimorin/scada-tools">https://github.com/atimorin/scada-tools</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>谷歌公司发布程序员养成指南，推荐相关在线课程<br><a target="_blank" href="http://mooc.guokr.com/post/610231/">http://mooc.guokr.com/post/610231/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>IP 库的那些事儿 <br><a target="_blank" href="https://www.evernote.com/shard/s1/sh/ecaa734a-f53f-4b92-a65b-f4b5be7cb8f3/931d01e038fdd256">https://www.evernote.com/shard/s1/sh/ecaa734a-f53f-4b92-a65b-f4b5be7cb8f3/931d01e038fdd256</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Observing the Havex RAT<br><a target="_blank" href="http://www.netresec.com/?page=Blog&amp;month=2014-11&amp;post=Observing-the-Havex-RAT">http://www.netresec.com/?page=Blog&amp;month=2014-11&amp;post=Observing-the-Havex-RAT</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>从贝叶斯方法谈到贝叶斯网络<br><a target="_blank" href="http://blog.csdn.net/v_july_v/article/details/40984699">http://blog.csdn.net/v_july_v/article/details/40984699</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>IBM X-Force Researcher Finds Significant Vulnerability in Microsoft Windows<br><a target="_blank" href="http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows/#.VGMkIDZpPBu">http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows/#.VGMkIDZpPBu</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Evolution of Upatre Trojan Downloader<br><a target="_blank" href="http://research.zscaler.com/2014/11/evolution-of-upatre-trojan-downloader.html">http://research.zscaler.com/2014/11/evolution-of-upatre-trojan-downloader.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Zabbix的前台SQL注射漏洞利用<br><a target="_blank" href="http://www.secpulse.com/archives/2089.html">http://www.secpulse.com/archives/2089.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>网络银行木马DYRE知多少（1）<br><a target="_blank" href="http://blog.csdn.net/iqushi/article/details/41080457">http://blog.csdn.net/iqushi/article/details/41080457</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>simple-rootkit：attack against gcc and Python via kernel module<br><a target="_blank" href="https://github.com/mrrrgn/simple-rootkit">https://github.com/mrrrgn/simple-rootkit</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>伪基站 + 钓鱼 = 完美黑产<br><a target="_blank" href="http://zhuanlan.zhihu.com/wooyun/19890065">http://zhuanlan.zhihu.com/wooyun/19890065</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Website Malware Infections, Removal, and You<br><a target="_blank" href="http://blog.sucuri.net/2014/11/the-art-of-website-malware-removal-the-basics.html">http://blog.sucuri.net/2014/11/the-art-of-website-malware-removal-the-basics.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>子域名爆破软件dnsmap介绍<br><a target="_blank" href="http://pan.baidu.com/s/1nt5HMw5">http://pan.baidu.com/s/1nt5HMw5</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>第五季极客大挑战writeup<br><a target="_blank" href="http://syclover.sinaapp.com/?p=369">http://syclover.sinaapp.com/?p=369</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SSLStrip 终极版 —— location 劫持<br><a target="_blank" href="http://drops.wooyun.org/web/3825">http://drops.wooyun.org/web/3825</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>自动化渗透测试工具 – Heybe<br><a target="_blank" href="http://www.freebuf.com/tools/50734.html">http://www.freebuf.com/tools/50734.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>假面攻击（Masque Attack）详细分析与利用 <br><a target="_blank" href="http://www.secpulse.com/archives/2123.html">http://www.secpulse.com/archives/2123.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Bypassing Microsoft’s Patch for the Sandworm Zero Day<br><a target="_blank" href="http://blogs.mcafee.com/mcafee-labs/bypassing-microsofts-patch-for-the-sandworm-zero-day-even-editing-can-cause-harm">http://blogs.mcafee.com/mcafee-labs/bypassing-microsofts-patch-for-the-sandworm-zero-day-even-editing-can-cause-harm</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WAP：Web Application Protection<br><a target="_blank" href="http://sourceforge.net/projects/awap/">http://sourceforge.net/projects/awap/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>安卓Bug 17356824 BroadcastAnywhere漏洞分析<br><a target="_blank" href="http://xteam.baidu.com/?p=77">http://xteam.baidu.com/?p=77</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>CODE-PyconCN2014<br><a target="_blank" href="https://github.com/xtao/CODE-PyconCN2014">https://github.com/xtao/CODE-PyconCN2014</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>web扫描爬虫优化<br><a target="_blank" href="http://drops.wooyun.org/tips/3831">http://drops.wooyun.org/tips/3831</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>HTML5和HTML4差异比较（工作草案）<br><a target="_blank" href="http://www.w3.org/TR/2014/WD-html5-diff-20140918/">http://www.w3.org/TR/2014/WD-html5-diff-20140918/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>The G20 and the New Reality of Cyber Espionage<br><a target="_blank" href="http://www.fireeye.com/blog/corporate/2014/11/the-g20-and-the-new-reality-of-cyber-espionage.html">http://www.fireeye.com/blog/corporate/2014/11/the-g20-and-the-new-reality-of-cyber-espionage.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>“破界”（WIRELURKER）综合分析报告<br><a target="_blank" href="http://www.antiy.com/response/WireLurker.html">http://www.antiy.com/response/WireLurker.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>树莓派打造无线扫描仪.<br><a target="_blank" href="http://drops.wooyun.org/wireless/3810">http://drops.wooyun.org/wireless/3810</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHP文件包含漏洞总结<br><a target="_blank" href="http://drops.wooyun.org/tips/3827">http://drops.wooyun.org/tips/3827</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>关于CTF的一些感想<br><a target="_blank" href="http://le4f.net/post/essay/about-ctf">http://le4f.net/post/essay/about-ctf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Php Codz Hacking<br><a target="_blank" href="http://www.80vul.com/pch/">http://www.80vul.com/pch/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>AndroidManifest二进制文件格式分析<br><a target="_blank" href="http://bbs.pediy.com/showthread.php?p=1329538#post1329538">http://bbs.pediy.com/showthread.php?p=1329538#post1329538</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>WireEdit:网络数据包编辑工具<br><a target="_blank" href="https://wireedit.com/">https://wireedit.com/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>追踪ICS扫描者（Trace ICS Scanner）<br><a target="_blank" href="http://plcscan.org/blog/2014/11/trace-ics-scanner/">http://plcscan.org/blog/2014/11/trace-ics-scanner/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android Pattern Lock Cracker<br><a target="_blank" href="https://github.com/sch3m4/androidpatternlock">https://github.com/sch3m4/androidpatternlock</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>TWC: Malware Hunting with Mark Russinovich and the Sysinternals Tools<br><a target="_blank" href="http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B368#fbid=">http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B368#fbid=</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>IBM X-Force Researcher Finds Significant Vulnerability in Microsoft Windows<br><a target="_blank" href="http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows/#.VGLkPtyUcxk">http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows/#.VGLkPtyUcxk</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>小米11.11：海量数据压力下的推送服务<br><a target="_blank" href="http://www.infoq.com/cn/news/2014/11/xiaomi-1111-pushservice">http://www.infoq.com/cn/news/2014/11/xiaomi-1111-pushservice</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>BugMeNot: find and share logins<br><a target="_blank" href="http://bugmenot.com/">http://bugmenot.com/</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>NFC手机：攻破交通卡<br><a target="_blank" href="http://blog.avlyun.com/2014/11/1668/nfc-phone-fee-consumption/">http://blog.avlyun.com/2014/11/1668/nfc-phone-fee-consumption/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>国内创业公司常用的服务<br><a target="_blank" href="http://miao.hu/2014/11/14/startup-services/">http://miao.hu/2014/11/14/startup-services/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>检测php网站是否已经被攻破的方法<br><a target="_blank" href="http://4shell.org/archives/62.html">http://4shell.org/archives/62.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android Logcat Security<br><a target="_blank" href="http://drops.wooyun.org/tips/3812">http://drops.wooyun.org/tips/3812</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Abusing Samsung KNOX to remotely install a malicious application<br><a target="_blank" href="http://blog.quarkslab.com/abusing-samsung-knox-to-remotely-install-a-malicious-application-story-of-a-half-patched-vulnerability.html">http://blog.quarkslab.com/abusing-samsung-knox-to-remotely-install-a-malicious-application-story-of-a-half-patched-vulnerability.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>phantomjs小试牛刀<br><a target="_blank" href="http://direwolf.gitcafe.com/2014/11/11/phantomjs%E5%B0%8F%E8%AF%95%E7%89%9B%E5%88%80/">http://direwolf.gitcafe.com/2014/11/11/phantomjs%E5%B0%8F%E8%AF%95%E7%89%9B%E5%88%80/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Android运行时ART执行类方法的过程分析<br><a target="_blank" href="http://blog.csdn.net/luoshengyang/article/details/40289405">http://blog.csdn.net/luoshengyang/article/details/40289405</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Zabbix的前台SQL注射漏洞0day<br><a target="_blank" href="http://navisec.it/zabbix%E7%9A%84%E5%89%8D%E5%8F%B0sql%E6%B3%A8%E5%B0%84%E6%BC%8F%E6%B4%9E0day/">http://navisec.it/zabbix%E7%9A%84%E5%89%8D%E5%8F%B0sql%E6%B3%A8%E5%B0%84%E6%BC%8F%E6%B4%9E0day/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>渗透中寻找突破口的那些事<br><a target="_blank" href="http://4shell.org/archives/63.html">http://4shell.org/archives/63.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>一枚邪恶的输入法浅析<br><a target="_blank" href="http://www.freebuf.com/articles/system/50579.html">http://www.freebuf.com/articles/system/50579.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>How NSA&#039;s Cyber Warriors Helped Win (Sorta) The Last War in Iraq<br><a target="_blank" href="http://www.matthewaid.com/post/102178369761/how-nsas-cyber-warriors-helped-win-sorta-the-last">http://www.matthewaid.com/post/102178369761/how-nsas-cyber-warriors-helped-win-sorta-the-last</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>When&#039;s document.URL not document.URL<br><a target="_blank" href="http://tyranidslair.blogspot.co.uk/2014/11/whens-documenturl-not-documenturl-cve.html">http://tyranidslair.blogspot.co.uk/2014/11/whens-documenturl-not-documenturl-cve.html</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/37">SecWiki周刊(第37期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
